[Profiler] Log information about secure-execution mode (#4196)

gleocadie · web-flow · commit 5a0f7f5a6023 · 2023-05-30T21:08:49.000+02:00
* Log information about secure-execution mode
* Do not log user/group id
diff --git a/profiler/src/ProfilerEngine/Datadog.Profiler.Native/OpSysTools.cpp b/profiler/src/ProfilerEngine/Datadog.Profiler.Native/OpSysTools.cpp
@@ -22,6 +22,7 @@
 #define _GNU_SOURCE
 #include <errno.h>
 #include "cgroup.h"
+#include <sys/auxv.h>
 #endif
 
 #include <chrono>
@@ -386,6 +387,17 @@ bool OpSysTools::IsSafeToStartProfiler(double coresThreshold)
             }
         }
 
+        // Check if process is running is a secure-execution mode
+        auto at_secure = getauxval(AT_SECURE);
+        Log::Info("Is process running in a secure execution mode ? ", std::boolalpha, at_secure);
+        // Reasons for which AT_SECURE is true:
+        //   User ID != Effective User ID
+        Log::Info("Process User ID differs from Effective User ID ? ", std::boolalpha, getuid() != geteuid());
+        //   Group ID != Effective Group ID
+        Log::Info("Process Group ID differs from Effective Group ID ? ", std::boolalpha, getgid() != getegid());
+        // TODO check capabilities (for now checking capabilities requires additional packages/libraries)
+        // if at_secure is true, we know that it due to the capabilities
+
         return false;
     }
 
